[pixel 4 kernel driver: integer overflow in iaxxx_btp_write_words (subsequently leads to oob-read bug)]
Details
In iaxxxbtpwrite_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.